Fixing some auth code

af368ed4 · okhin · 8d15804f · af368ed4
Commit af368ed4 authored Apr 19, 2017 by okhin
--- a/piphone.py
+++ b/piphone.py
@@ -490,15 +490,15 @@ def static_files(filepath):
 def login_admin(user, password):
    db = sqlite3.connect(config['piphone']['db'])
-    user = db.execute('SELECT api, token, admin FROM users where api = ?', (user,))
+    sql_user = db.execute('SELECT token, admin FROM users where api = ?', (user,))
-    user = user.fetchone()
+    sql_user = sql_user.fetchone()
-    if user is None:
+    if sql_user is None:
        # user does not exist
        return False
-    if password != user[1]:
+    if password != sql_user[0]:
        # password does not match
        return False
-    if user[2] == 0:
+    if sql_user[1] == 0:
        # User is not admin
        return False
    return True